Hi Georg,

I don't use it

Thanks,
Jeff

On 10/15/21 10:32 AM, Georg Kallidis wrote:

Hi Turbine Dev community,

before we are ready to come up with the "big" Turbine Core release 5.1 (any volunteers noticing it now ;-)!) we need to do a Fulcrum Security Component release, as it is a core dependency.

But I still get vulnerability warnings for the hibernate module, if I run

mvn org.owasp:dependency-check-maven:aggregate -DskipTests=true

https://nvd.nist.gov/vuln/detail/CVE-2020-25638
https://nvd.nist.gov/vuln/detail/CVE-2019-14900

We have the following options:

a) just wait until someone is prepared to fix it by upgrading (at least to hibernate 5.3.23 from 3.6.10).
b) ignore it (suppress it) or
c) disable/remove it?

Does anyone need this component to be up-to-date soon? If no, IMO we should disable it for now -? Nevertheless a JIRA task-issue could be opened to do it later ..

Best regards,
Georg
